What is claimed is: 



CLAIMS 



vl . A method for remote administration of at least one smart card via a 

communication network, the method comprising: 

associating said at least one smart card with a remote administrator 
by storing administrator identification information of the remote administrator in 
said at lea^t one smart card; 

inserting said at least one smart card in at least one user unit; - 
employing the administrator identification information stored in said 
at least one smart card to identify the remote administrator associated with said at 
least one smart card^ and 

establishing communication between the at least one smart card and 
the remote administraton.via the communication network in accordance with the 
administrator identificationNnformation. 

2. A method according to claim 1 and wherein said establishing step is 
performed via said at least one usei\unit. 

3. A method according to claim 1 and wherein said establishing step 
comprises employing Internet Protocol^ (IP) for communication via the 
communication network. 



4. A method according to claim 1 ancl wherein said establishing step 

comprises the steps of: 

identifying a local administrator other thata the remote administrator, 
the local administrator being positioned in the comnumication network in a 
proximity to said at least one user unit; and 

determining the local administrator as a proA administrator for 
administrating said at least one smart card by transmitting at least authorization 
information from the remote administrator to the local administrator. 
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5\ A method according to claim 1 and also comprising the step of 

administrating said at least one smart card after communication with the remote 
administrator is established. 

6. \ A method according to claim 5 and wherein said administrating step 
comprises tne step of administrating said at least one smart card immediately after 
communication with the remote administrator is established, 

7. A rriethod according to claim 4 and also comprising the step of 
administrating said atyleast one smart card immediately after communication with 
the proxy administrator^^ established. 

8. A method acoarding to claim 7 and wherein said administrating step 
comprises the step of administrating said at least one smart card immediately after 
communication with the proxy achninistrator is established. 

9 A method according toVlaim 5 and wherein said administrating step 

comprises performing an administratronvinitialization procedure to at least one of 
authenticate, verify and validate said at least one smart card. 

10. A method according to claim 9vand also comprising the step of 
preventing performance of any operation other thcUi the administration initialization 
procedure until said administration initialization procedure is verified to be in 
order. \ 

11. A method according to claim 1 and wherein\aid step of employing 
the administrator identification information to identify the remote administrator 
comprises the step of identifying the at least one smart card in^ smart card data 
base at the remote administrator. \ 
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A method according to claim 1 and also comprising the step of 
accessing a protected information resource by said at least one smart card via the 
rernote administrator associated therewith. 

13. \ A method according to claim 12 and wherein said accessing step 
comprise^performing at least one administration operation. 

14. \A method according to claim 13 and wherein said at least one 
administration Operation comprises at least one of the following: transniission of a 
certificate; transmission of credentials; transmission of a key; renewal of said at 
least one smart card\. expiration date updating; renewal of an authorization to said 
at least one smart card; validity check of data in said at least one smart card; 
integrity check of data\in said at least one smart card; memory load/check; 
revocation of at least one^ of an authorization, a certificate and a smart card; 
execution of a "KILL CARD" process after a verification of a need to prevent 
operation of said at least one smart card; data load; and transmission of smart card 
chaining information. 

15. A method according t^claim 12 and wherein said accessing step 
comprises the step of performing security mechanisms for accessing the protected 
information resource by said at least one snWt card. 

16. A method according to clairk 15 and wherein said security 
mechanisms include at least one of the foUowing; unilateral or bilateral 
authentication; time stamping, non-repudiation; digital signatures; distribution of an 
encryption key; change of an encryption key; N^ncryption; and password 
authorization. 



17 A method according to claim 12 and wKerein each operation 

performed during said accessing step by at least one of said remote administrator 
and said at least one smart card is performed only upon rdceipt of an "END 
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ADMINISTRATION OPERATION" instruction at a corresponding one of said at 
least one of said remote administrator and said at least one smart card. 

18. \ ^ method according to claim 12 and wherein said remote 
administrator comprises a plurality of administrators, each operative to perform at 
least part of said step of accessing the protected information resource and/or at least 
part of an administration initialization procedure. 

19. A method according to claim 1 and wherein said communication 
network comprises at Iteast one of the following: a local-area-network (LAN); a 
metropolitan-area-networK>/MAN); and a wide-area-network (WAN). 

20. A secure accessv method for use with a communication network 
which communicates informationNbetween an information resource controller and a 
remote unit, the method cdmprisingX 

identifying, at the remore unit, a command to upload data; 

employing, in response to said command, a hash function at the 
remote unit to encode contents of at least \ portion of a memory at the remote unit 
and thereby to produce a hashed result; \ 

transmitting the hashed result to\he information resource controller; 

comparing, at the information resVirce controller, the hashed result 
with a trusted hashed result maintained at the information resource controller 
thereby to provide a comparison result; and \ 

determining integrity of the contents of the at least a portion of the 
memory at the remote unit based, at least in part, on the ccViparison result. 

21. A method according to claim 20 and wherein ssiid determining step 

comprises the step of transmitting repairing information to the remote unit to 
correct the contents of said at least a portion of the memory at the remote unit if the 
comparison result is unfavorable. \ 
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A method according to claim 20 and wherein said command is 
generated at the remote unit periodically. 

23. \ A method according to claim 20 and wherein said command is 
transmitted from the information resource controller to the remote unit periodically. 

24. \ A method according to claim 20 and wherein said command is 
generated at the remote unit following a communication failure event. 

25. A method according to claim 20 and wherein said command is 
transmitted from the\information resource controller to the remote unit following a 
communication failure\vent. 



26. A method for remote administration of a first smart card and a 

second smart card via a comniunication network, the method comprising: 

associating said tti;st smart card and said second smart card with a 
remote administrator; and 

transmittmg authorization information from said first smart card to 
said second smart card via the remote administrator and the communication 
network. 



27. A method according to claim V6 and wherein said authorization 

information comprises at least one of the folloVing: administrator identification 
information; authorization to perform a transaction, an electronic-mail message 
stored in said first smart card; and billing history inforrpation. 



28. A method according to claim 26 and wherein said communication 

network comprises at least one of the following: a local-area-network (LAN); a 
metropolitan-area-network (MAN); and a wide-area-network C^AN). 
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i9. A method according to claim 26 and wherein said communication 

ork comprises at least one of the following networks: the Internet; 
CorrujuServe; and America-On-Line. 
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30. \ A remote administrator for administrating at least one smart card via 
a commuii^cation network, the remote administrator comprising: 
a processor comprising: 

an access control module operative to control access to a 
protected inforn\ation resource; and 

a data base module operative to map said at least one smart 
card to an access co\itrol list. 



31. 



activity. 



Apparatukaccording to claim 30 and also comprising: 

a memory Operative to store a log of the communication network 



32. Apparatus accordi)^ to claim 30 and also comprising: 

communication app^atus for transmitting authorization information 
from a first smart card associated wi\h the remote administrator to a second smart 
card associated with the remote administrator via the communication network. 



33. A system for remote adminisVation of at least one smart card via a 

communication network, the system comprisim 

a remote administrator having administrator identification 

information, 

at least one user unit; and 

at least one smart card associated with Wid remote administrator by 
storing in the at least one smart card said administrator identification information of 
the remote administrator, wherein 

said at least one smart card inserted in said W least one user unit is 
operative to employ the administrator identification information to identify the 
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remote administrator associated with said at least one smart card, and to establish 
commiinication via the communication network between the at least one smart card 
and the remote administrator in accordance with the administrator identification 
information^ 

34. A\ystem for providing secure access in a communication network 

comprising: 

a remotk unit operative to identify a command to upload data, and to 
employ, in response to sm<^ command, a hash function to encode contents of at least 
a portion of a memory associated with the remote unit thereby to produce a hashed 
result; and \ 

an information reshurce controller operatively associated with said 
remote unit and operative 

to receive, from said remote unit, the hashed result, 
to compare the hashed result with a trusted hashed result 
maintained at the information resource controller thereby to provide a comparison 
result, and 

to determine integrity of the ^ntents of the at least a portion 
of the memory based, at least in part, on the comparisorw-esult. 
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